Article 93 — Sharing of information with national competent authorities by the AI Office (EU AI Act)

Article 93 of Regulation (EU) 2024/1689 — Sharing of information with national competent authorities by the AI Office. Official text, practical interpretation, key obligations and compliance implications.

Official Text Summary

Article 93 of Regulation (EU) 2024/1689 (the EU AI Act) governs the sharing of information between the AI Office and national competent authorities across EU Member States. It establishes the AI Office's authority and, in appropriate circumstances, its obligation to transmit relevant information obtained during the exercise of its functions to the national competent authorities responsible for supervising and enforcing the Regulation at the Member State level.

The provision recognises that the AI Office operates at the Union level with a particular mandate covering general-purpose AI models and systemic risks, while national competent authorities exercise day-to-day market surveillance and enforcement in respect of AI systems placed on or put into service in their territories. Effective cooperation between these two tiers of oversight requires structured and reliable channels for information flows in both directions, but Article 93 specifically addresses the outward flow from the AI Office to national authorities.

The article ensures that national authorities are equipped with the information they need to carry out their supervisory functions effectively, including findings from investigations, technical assessments, and monitoring activities conducted by the AI Office. This information-sharing obligation is balanced against the confidentiality requirements applicable throughout the Regulation, meaning that sensitive commercial data, trade secrets, and personal data must be protected even as cooperation is facilitated. The provision thus serves as an operational bridge between Union-level oversight and Member State enforcement.

What This Means in Practice

In practical terms, Article 93 creates a cooperative intelligence framework between the AI Office and the 27 national competent authorities designated under Article 70 of the EU AI Act. For organisations developing, deploying, or distributing AI systems within the EU, this article has significant compliance implications because it means that information gathered during any AI Office inquiry or evaluation may flow directly to the authority in the Member State where their system is deployed or their establishment is located.

For providers of general-purpose AI models, this is particularly relevant. If the AI Office conducts an investigation into a model's systemic risks or compliance with transparency obligations and obtains technical documentation, test results, or incident reports in that process, national authorities responsible for enforcing downstream obligations with respect to that model could receive and act upon that information. A provider cannot therefore treat an AI Office inquiry as separate from national enforcement exposure.

For deployers of high-risk AI systems, Article 93 means that national market surveillance authorities may be better informed by AI Office findings when they conduct their own inspections and audits. An authority investigating whether a high-risk AI system used in, say, employment screening complies with the requirements of Chapter 3 of Title III may be informed by AI Office findings about the general-purpose model underlying that system.

Practically, organisations should treat information disclosed to the AI Office as potentially available to national authorities, maintain consistent positions across all regulatory interactions, and ensure that technical documentation and compliance records are coherent and up to date. Legal counsel should be engaged early in any AI Office inquiry, with awareness that its outcomes may have national enforcement consequences.

Key Obligations

• The AI Office is empowered to share with national competent authorities any information it has obtained that is relevant to those authorities' supervisory and enforcement functions under the EU AI Act.
• Information shared by the AI Office must respect applicable confidentiality obligations, including protections for trade secrets, commercially sensitive information, and personal data processed in connection with investigations.
• National competent authorities receiving information from the AI Office must handle it in accordance with the same confidentiality standards that apply to information they collect directly in the course of their own supervisory activities.
• The AI Office must act proportionately in determining what information to share, having regard to the relevance of that information to the national authority's specific mandate and the matter under consideration.
• Member State national competent authorities may, in appropriate circumstances, request information from the AI Office where they require it to exercise their functions, and the AI Office must give due consideration to such requests.
• The information-sharing mechanism under Article 93 must operate consistently with the general principles of sincere cooperation between Union institutions and Member State authorities established in EU primary law.

Relationship to Other Articles

Article 93 does not operate in isolation. It is closely linked to Article 70, which requires each Member State to designate one or more national competent authorities and a single national supervisory authority as the point of contact for the Commission. The identities and mandates of those authorities define who may receive information under Article 93.

It connects directly to the AI Office's institutional mandate established under Article 64 and the provisions governing the AI Office's investigative powers in respect of general-purpose AI models set out in Articles 88 to 91. The findings generated through those investigative processes constitute the primary category of information likely to be shared under Article 93.

The confidentiality framework applicable to information shared under this article is governed principally by Article 78, which sets out the obligations of the AI Office, national authorities, notified bodies, and other actors to protect confidential information and trade secrets. Article 93 must be read alongside Article 94, which governs the broader framework for Union-level enforcement and cooperation, and Article 95, which addresses the role of the European AI Board in facilitating coordination between Member State authorities and Union-level bodies.

Compliance Timeline

The EU AI Act entered into force on 1 August 2024, following its publication in the Official Journal of the European Union. Its provisions apply in phases according to the subject matter:

• 2 February 2025: Prohibitions on unacceptable-risk AI practices (Article 5) became applicable.
• 2 August 2025: Obligations relating to general-purpose AI models (Title VII, Articles 51 to 56) and the governance framework including the AI Office's operational mandate became fully applicable. Article 93, as a provision governing the AI Office's information-sharing function, became operationally relevant from this date, since the AI Office's investigative and monitoring activities under Articles 88 to 91 reached full effect.
• 2 December 2026: Requirements for high-risk AI systems listed in Annex I (regulated by existing Union law) apply.
• 2 August 2027: Requirements for high-risk AI systems listed in Annex III (including those in employment, education, law enforcement, and critical infrastructure) become fully applicable.

For most market participants, Article 93's practical impact intensifies as national enforcement activity increases from late 2026 onward, because it is at that point that national authorities will be most actively using AI Office intelligence to inform their market surveillance actions.